Domestic spying internationally: Three years after Snowden

Nearly three years on and the world still finds itself tackling the consequences of the Snowden disclosures reports Max Metzger

Domestic spying internationally: Three years after Snowden

When the young Booz-Allen contractor fled to Hong Kong in 2013 and provided the evidence to Glenn Greenwald, Laura Poitras and Ewan Macaskill that the liberal west was not quite as liberal as it claimed, the world gasped.

Tempers have cooled since then, and fears have been realigned against the renewed threat of home-grown terrorism and the rise of Daesh. In fact, bulk collection has been all but publicly rehabilitated with the advent of proposals such as the Investigatory Powers Bill and these measures seem all the more justifiable in the wake of the Bataclan attacks.

“Most countries have data retention policies that are creeping up as cyber-security policies, or anti-terrorism policies but often they're also included in telecommunications regulations”, Alexandrine Pirlot de Corbion, an advocacy officer at Privacy International specialising in communications surveillance told SC Magazine UK.

Many of the world's rather intrusive spying programmes don't come with the drama that programmes such as the NSA's PRISM or GCHQ's Tempora programme have elicited in comfortable, liberally-minded societies.

Surveillance

In many other countries, the advent of bulk collection and intrusion systems has hardly been felt at all. When Privacy International reached out to citizens in countries such as Jordan, a state that already has an embedded legacy of surveilling its own citizens, the response was lukewarm. ‘Why would we be worried, we've been living under surveillance', the response commonly went. “There might not be a massive public outcry”, when these kind of programmes make their entrance said Pirlot de Corbion because “it's been part of their reality for so long.” In somewhere like Egypt, while agencies have bought interception equipment, it's often quicker, easier and cheaper “to just knock on someone's door and torture them.”

In some cases, bulk collection isn't needed by the simple fact that people don't keep their information private. Thailand for example is full of people who are quite happy to share personal information over social media. So why, said Pirlot de Corbion, “would a government invest millions of dollars in a bulk interception system if all they have to do is get the people on Facebook to get the information they want?”

Others, despite low levels of internet subscription, are still investing large amounts in buying domestic surveillance technology. Colombia had a penetration rate of 22 percent as of 2014, and still government bodies use intrusion technology despite its limited scope of use within the country.

Some countries have an inverse approach. Faced with the real threats of Boko Haram in the north, Nigeria has rather publically proclaimed its interest in bulk collection but this may serve a political objective just as much as a practical one.

Then again, political rhetoric is largely inseparable from these kinds of domestic spying. The terrorist attacks of recent memory, in Europe and further afield, are commonly attended by attempts to fast track otherwise overbearing security policies through national assemblies. Lord Carlile called for just that for the Investigatory Powers Bill after the Paris Attacks, saying to Sky News “we don't have time to wait”.

“It can pass through Parliament in the next three to four weeks if the Government decided that should happen,” said the Peer, “And I believe the necessary powers need to be on the statute book as quickly as that.”

Domestic surveillance and foreign intelligent is not such a clear cut line in the age of PRISM. The Five Eyes group, a network of intelligence sharing between Australia, the UK, the US, Canada and New Zealand already shares the findings of various domestic surveillance programmes. This is only the tip of the iceberg as the Five Eyes regularly share with, and receive information from third parties and allies. PRISM itself is run with contributions from GCHQ and the Australian Signals directorate.

Apple VS FBI

The showdown is overbetween the US FBI and Apple regarding demands that Apple produce a custom firmware update allowing the FBI to bypass security (including the limit on password attempts) on the iPhone 5c owned by San

Bernardino shooter Syed Rizwan Farook. US Attorney Eileen Decker announced in late March that, “The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc,” following unspecified actions by Israeli firm Cellebrite.

But the encryption debate stirred up by the case goes on. “Unfortunately, this news appears to be just a delay of an inevitable fight over whether the FBI can force Apple to undermine the security of its own products. We would all be more secure if the government ended this reckless effort,” Alex Abdo, staff attorney at the American Civil Liberties Union (ACLU), said in a statement emailed toSCmagazine.com.

The FBI had said that a new software update would only have been used for this singular occasion, with firmware for this one specific phone. But Apple said no, arguing that compying with this FBI request would endanger the privacy and security of not only its customers but also its products. Apple's CEO Tim Cook even went as far as calling it ‘unconstitutional'.

US district court judge Sharon Pym had said that Apple must provide “reasonable technical assistance” to gain access to the iPhone in question under the All Writs Act of 1789, which Apple's legal team say was not intended to be used by “judges to compel innocent third parties to provide decryption services to the FBI.”

Privacy advocates and much of the tech industry had thrown their support behind Apple. Critics cast doubt on the idea that any security bypass would only be used on this one case, saying it would set a precedent. So the phone has been opened but the issue isn't closed.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.